{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-11723", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-13T20:37:05.956Z", "datePublished": "2026-01-06T03:21:38.601Z", "dateUpdated": "2026-04-08T17:13:22.766Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:13:22.766Z"}, "affected": [{"vendor": "croixhaug", "product": "Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.6.9.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.9.5 via the hash() function due to use of a hardcoded fall-back salt. This makes it possible for unauthenticated attackers to generate a valid token across sites running the plugin that have not manually set a salt in the wp-config.php file and access booking information that will allow them to make modifications."}], "title": "Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin <= 1.6.9.5 - Unauthenticated Sensitive Information Exposure", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a5f3fbd2-6152-4a89-8fe9-982120d1a640?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3393919/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-330 Use of Insufficiently Random Values", "cweId": "CWE-330", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Lucas Montes"}], "timeline": [{"time": "2025-10-20T19:32:38.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-01-05T15:10:45.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-06T14:19:09.718275Z", "id": "CVE-2025-11723", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-06T18:56:21.498Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11723", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-06T14:19:09.718275Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-06T14:19:11.692Z"}}], "cna": {"title": "Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin <= 1.6.9.5 - Unauthenticated Sensitive Information Exposure", "credits": [{"lang": "en", "type": "finder", "value": "Lucas Montes"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}}], "affected": [{"vendor": "croixhaug", "product": "Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.6.9.5"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-10-20T19:32:38.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-01-05T15:10:45.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a5f3fbd2-6152-4a89-8fe9-982120d1a640?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3393919/"}], "descriptions": [{"lang": "en", "value": "The Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.9.5 via the hash() function due to use of a hardcoded fall-back salt. This makes it possible for unauthenticated attackers to generate a valid token across sites running the plugin that have not manually set a salt in the wp-config.php file and access booking information that will allow them to make modifications."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-330", "description": "CWE-330 Use of Insufficiently Random Values"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:13:22.766Z"}}}, "cveMetadata": {"cveId": "CVE-2025-11723", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:13:22.766Z", "dateReserved": "2025-10-13T20:37:05.956Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-01-06T03:21:38.601Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.9.5 via the hash() function due to use of a hardcoded fall-back salt. This makes it possible for unauthenticated attackers to generate a valid token across sites running the plugin that have not manually set a salt in the wp-config.php file and access booking information that will allow them to make modifications."}, {"lang": "es", "value": "El plugin 'Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin' para WordPress es vulnerable a la Exposici\u00f3n de Informaci\u00f3n Sensible en todas las versiones hasta la 1.6.9.5, inclusive, a trav\u00e9s de la funci\u00f3n hash() debido al uso de una 'salt' de respaldo codificada de forma r\u00edgida. Esto hace posible que atacantes no autenticados generen un token v\u00e1lido en sitios que ejecutan el plugin que no han configurado manualmente una 'salt' en el archivo wp-config.PHP y accedan a la informaci\u00f3n de reservas que les permitir\u00e1 realizar modificaciones."}], "id": "CVE-2025-11723", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-01-06T04:15:52.400", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3393919/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a5f3fbd2-6152-4a89-8fe9-982120d1a640?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-330"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T00:37:11.162767+00:00", "value": {"mitigation_remediation": ["Upgrade the plugin to the latest version that removes the hardcoded fallback salt", "If an upgrade is not feasible, add a unique salt constant in wp-config.php to override the default value", "Restrict unauthenticated users from accessing the booking endpoints by implementing role\u2011based access controls or disabling those endpoints for public users"], "summary": {"action": "Update Plugin", "impact": "Sensitive Information Exposure and Potential Modification of Booking Data"}, "threat_synthesis": {"affected_systems": "WordPress sites that use the Appointment Booking Calendar \u2013 Simply Schedule Appointments Booking Plugin up to and including version 1.6.9.5, which do not override the default hardcoded salt in wp-config.php.", "description_and_impact": "The vulnerability allows unauthenticated attackers to generate a valid authentication token by exploiting a hardcoded fallback salt used in the hash() function of the plugin. Once the token is known, the attacker can view confidential booking details and modify booking information, thereby breaching both confidentiality and integrity of the booking system.", "risk_and_exploitability": "The CVSS score of 6.5 indicates moderate severity, while the EPSS score of less than 1% suggests a low probability of exploitation. The vulnerability is not listed in CISA's KEV catalog, but the attack vector is unauthenticated, meaning an external attacker can exploit it immediately without needing login credentials. Consequently, the risk is moderate but exploitability is limited by the low EPSS score."}}}}, "created": "2026-01-06T14:16:01.262073+00:00", "updated": "2026-04-21T00:45:23.092177+00:00", "vendors": ["croixhaug", "croixhaug$PRODUCT$appointment_booking_calendar", "wordpress", "wordpress$PRODUCT$wordpress"]}